Critical Cisco security hole could lead to hackers seizing control of thousands of home routers
If you are a company running Cisco Prime Home to control your customers’ devices – update it now.
Read more in my article on the Bitdefender Box blog.
If you are a company running Cisco Prime Home to control your customers’ devices – update it now.
Read more in my article on the Bitdefender Box blog.
Vanity Fair |
How a Grad Student Found Spyware That Could Control Anybody's iPhone from Anywhere in the World
Vanity Fair FinSpy was quickly identified as part of a spyware product named “FinFisher,” created and marketed by a British company called Gamma Group, which billed FinFisher as a new way for police and intelligence agencies to monitor criminals and spies. |
Control Design |
IIC publishes the Industrial Internet Security Framework
Control Design The Industrial Internet Consortium (IIC) has published the Industrial Internet Security Framework (IISF), a common security framework that addresses security issues in IIoT systems. The IISF emphasizes the importance of five IIoT characteristics … IIC releases Internet Security Famework IIC Releases Industrial Internet Security Framework – RTInsights Industry Group Issues Security Framework for Industrial IoT |
The world has seen the most unsettling attack yet resulting from the so-called Rowhammer exploit, which flips individual bits in computer memory. It’s a technique that’s so surgical and controlled that it allows one machine to effectively steal the cryptographic keys of another machine hosted in the same cloud environment.
Until now, Rowhammer has been a somewhat clumsy and unpredictable attack tool because it was hard to control exactly where data-corrupting bit flips happened. While previous research demonstrated that it could be used to elevate user privileges and break security sandboxes, most people studying Rowhammer said there was little immediate danger of it being exploited maliciously to hijack the security of computers that use vulnerable chips. The odds of crucial data being stored in a susceptible memory location made such hacks largely a matter of chance that was stacked against the attacker. In effect, Rowhammer was more a glitch than an exploit.
Now, computer scientists have developed a significantly more refined Rowhammer technique they call Flip Feng Shui. It manipulates deduplication operations that many cloud hosts use to save memory resources by sharing identical chunks of data used by two or more virtual machines. Just as traditional Feng Shui aims to create alignment or harmony in a home or office, Flip Feng Shui can massage physical memory in a way that causes crypto keys and other sensitive data to be stored in locations known to be susceptible to Rowhammer.